22 matches found

CBLMariner
added 2026/05/30 3:37 a.m. | 8 views

CVE-2026-39821 affecting package kubevirt for versions less than 1.7.1-5

CVE-2026-39821 affecting package kubevirt for versions less than 1.7.1-5. A patched version of the package is available...

CVSS 9.6 | AI score 5.8 | EPSS 0.00359
Exploits: 0

Snyk
added 2026/05/14 6:27 p.m. | 6 views

Improper Encoding or Escaping of Output

Overview launder is an A sanitize module for the people. Built for ApostropheCMS. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the linkHref field handling. An attacker can execute arbitrary JavaScript by supplying a javascript: URL in an image...

CVSS 7.3 | AI score 6.1 | EPSS 0.00211
Exploits: 0 | References: 3

CNNVD
added 2026/03/31 12:0 a.m. | 2 views

PdfDing Security Vulnerability

PdfDing is a self-hosted PDF management, viewing, and editing tool developed by individual developer mrmn. Versions of PdfDing prior to 1.7.1 contained security vulnerabilities. These vulnerabilities stemmed from insufficient shared access verification, allowing authorized users to access share...

CVSS 6.5 | AI score 5.8 | EPSS 0.00295
Exploits: 1 | References: 4

RedhatCVE
added 2026/02/20 1:27 p.m. | 4 views

CVE-2026-25387

Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...

CVSS 4.3 | AI score 5.5 | EPSS 0.00315
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/23 9:17 p.m. | 13 views

CVE-2025-69188

Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects fitness-trainer: from n/a through <= 1.7.1...

CVSS 7.3 | AI score 5.4 | EPSS 0.00219
Exploits: 0 | References: 1

Patchstack
added 2026/01/22 7:26 a.m. | 3 views

WordPress fitness-trainer plugin <= 1.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin fitness-trainer versions <= 1.7.1...

CVSS 7.3 | AI score 5.4 | EPSS 0.00219
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2026/01/16 6:43 a.m. | 3 views

CVE-2025-14853 LEAV Last Email Address Validator <= 1.7.1 - Cross-Site Request Forgery to Plugin Settings Update

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...

CVSS 4.3 | AI score 5.3 | EPSS 0.00131
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/18 12:0 a.m. | 2 views

PT-2025-52134

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jbhovik Ray Enterprise Translation lingotek-translation allows PHP Local File Inclusion. This issue affects Ray Enterprise Translation: from n/a through = 1.7.1...

AI score 7.1 | EPSS 0.00349
Exploits: 0 | References: 2

Cvelist
added 2025/12/16 8:12 a.m. | 25 views

CVE-2025-64253 WordPress Health Check & Troubleshooting plugin <= 1.7.1 - Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal. This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1...

CVSS 4.9 | EPSS 0.00419
Exploits: 0 | References: 1

CVE
added 2025/12/10 4:24 a.m. | 22 views

CVE-2025-13339

CVE-2025-13339 concerns the Hippoo Mobile App for WooCommerce WordPress plugin. The Wordfence report confirms an unauthenticated path traversal vulnerability allowing reading of arbitrary files via the template_redirect() function, affecting all versions up to and including 1.7.1. The affected so...

CVSS 7.5 | AI score 5.6 | EPSS 0.01974
Exploits: 0 | References: 2

Cvelist
added 2025/12/06 5:49 a.m. | 13 views

CVE-2025-12720 g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion

The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handleenqueueonly function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 5.3 | EPSS 0.00235
Exploits: 0 | References: 5

ATTACKERKB
added 2025/11/06 3:53 p.m. | 1 views

CVE-2025-53242

Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection. This issue affects Seil: from n/a through = 1.7.1...

CVSS 9.8 | AI score 5.8 | EPSS 0.004
Exploits: 0 | References: 4

Tenable Nessus
added 2025/10/07 12:0 a.m. | 1 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: jq (UTSA-2025-986131)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986131 advisory. jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed...

CVSS 6.5 | AI score 6.4 | EPSS 0.00351
Exploits: 1 | References: 4

Cvelist
added 2025/08/28 12:37 p.m. | 7 views

CVE-2025-54724 WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uxper Golo golo allows Reflected XSS. This issue affects Golo: from n/a through <= 1.7.1...

CVSS 7.1 | EPSS 0.00173
Exploits: 0 | References: 1

Patchstack
added 2025/08/26 11:18 a.m. | 3 views

WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Bonds in WordPress Theme Golo versions <= 1.7.1...

CVSS 7.1 | AI score 6.2 | EPSS 0.00173
Exploits: 0 | Affected Software: 1

OSV
added 2025/07/11 12:31 p.m. | 1 views

OESA-2025-1831 pam security update

PAM (Pluggable Authentication Modules) is a system of libraries that handle the authentication tasks of applications (services) on the system. Security Fixes: A vulnerability was found in Linux-PAM up to 1.7.0 and classified as critical. Using CWE to declare the problem leads to CWE-22. The product us...

CVSS 7.8 | AI score 7 | EPSS 0.0039
Exploits: 0 | References: 2

OSV
added 2025/07/11 12:31 p.m. | 1 views

OESA-2025-1830 pam security update

PAM (Pluggable Authentication Modules) is a system of libraries that handle the authentication tasks of applications (services) on the system. Security Fixes: A vulnerability was found in Linux-PAM up to 1.7.0 and classified as critical. Using CWE to declare the problem leads to CWE-22. The product us...

CVSS 7.8 | AI score 7 | EPSS 0.0039
Exploits: 0 | References: 2

OSV
added 2025/05/21 3:16 p.m. | 3 views

AZL-61967 CVE-2024-23337 affecting package jq for versions less than 1.6-3

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...

CVSS 6.5 | AI score 6.6 | EPSS 0.00351
Exploits: 1 | References: 1

Patchstack
added 2025/01/06 5:5 p.m. | 2 views

WordPress CF7 WOW Styler plugin <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting vulnerability

Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin CF7 WOW Styler versions <= 1.7.1...

CVSS 6.5 | AI score 6.5 | EPSS 0.00449
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/04/25 1:47 p.m. | 2 views

WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin EPROLO Dropshipping versions <= 1.7.1...

CVSS 4.3 | AI score 7 | EPSS 0.00373
Exploits: 0 | Affected Software: 1